I’m a Software Security Engineer at Qualcomm, where I build and maintain the security execution stack of their chipsets.
Previously, I did my PhD with the VUSec group at VU Amsterdam, where I devised techniques to track data and uncover vulnerabilities. Before that, I did my MS at UC San Diego, where I hacked on avionics equipment and compiler internals with the security group. And before, I did my BS at the University of Arizona, where I poked around with code deobfuscation and anti-analysis tricks with the Lynx Project.
Some of my research has resulted in open-source contributions. Here are some highlights:
(In progress) — Linux kernel, LLVM project: KernelDataFlowSanitizer (KDFSAN), a generalized dynamic data flow analysis for the kernel
[Linux port | LLVM port | contact me for an up-to-date version]
(Submitted) — Linux kernel: Mitigate a memory corruption vulnerability in the DMA pool allocator [series]
📣 “Very cool finding, this is nice work!” –Greg KH [quote]
(High praise in the kernel world.)
(Submitted) — Linux kernel: Fix hundreds of inconsistent DMA accesses in VMware’s VMXNET3 driver [series]
May 2024 — Linux kernel: Add a fix for unaligned I/O accesses and a regression test to KernelMemorySanitizer (KMSAN) [patch1 | patch2]
Apr. 2024 — Linux kernel: Improve the address‑to‑line script perf. by 15x [series]
Feb. 2022 — Linux kernel: Mitigate list iterator’s speculative type confusion bugs
[92 patches | co-work with Jakob Koschel]
📝 LWN coverage: 02/2022, 03/2022
Oct. 2016 — OpenVPN, Kerberos, others: Mitigate cases of the compiler optimizing out sensitive memory clear operations
Dynamic Detection of Vulnerable DMA Race Conditions
B. Johannesmeyer, R. Isemann, C. Giuffrida, H. Bos
Under review
Information Flow‑Based Vulnerability Modeling
B. Johannesmeyer
PhD Thesis, Vrije Universiteit Amsterdam, 2025
Practical Data-Only Attack Generation [paper | slides | poster | code | video]
B. Johannesmeyer, A. Slowinska, H. Bos, C. Giuffrida
USENIX Security 2024
🏆 CSAW Best Paper Award Runner-up
Data-Only Attacks Are Easier than You Think [web]
B. Johannesmeyer, H. Bos, C. Giuffrida, A. Slowinska
USENIX ;login: 2024
Kasper: Scanning for Generalized Transient Execution Gadgets in the Linux Kernel [paper | slides | poster | web | code | video]
B. Johannesmeyer, J. Koschel, K. Razavi, H. Bos, C. Giuffrida
NDSS 2022
🏆 DCSR Paper Award Runner-up
🏆 Qualcomm Innovation Fellowship Runner-Up for follow-up proposal
On the Effectiveness of Same-Domain Memory Deduplication
[paper | slides | web | code]
A. Costi, B. Johannesmeyer, E. Bosman, C. Giuffrida, H. Bos
ACM EuroSec 2022
Triton: A Software-Reconfigurable Federated Avionics Testbed [paper]
S. Crow, B. Farinholt, B. Johannesmeyer, K. Koscher, S. Checkoway, S. Savage, A. Schulman, A.C. Snoeren, K. Levchenko
USENIX CSET 2019
FaCT: A DSL for Timing-Sensitive Computation [paper | slides | code | video]
S. Cauligi, G. Soeller, B. Johannesmeyer, F. Brown, R.S. Wahby, J. Renner, B. Grégoire, G. Barthe, R. Jhala, D. Stefan
ACM PLDI 2019
FaCT: A Flexible Constant-Time Programming Language [paper | slides | code]
S. Cauligi, G. Soeller, F. Brown, B. Johannesmeyer, Y. Huang, R. Jhala, D. Stefan
IEEE SecDev 2017
Dead Store Elimination (Still) Considered Harmful [paper | video]
Z. Yang, B. Johannesmeyer, A.T. Olesen, S. Lerner, K. Levchenko
USENIX Security 2017
A Generic Approach to Automatic Deobfuscation of Executable Code
[paper | web | code | video]
B. Yadegari, B. Johannesmeyer, B. Whitely, S. Debray
IEEE S&P 2015
🏆 CSAW Best Paper Award Runner-up
Identifying Understanding Self-Checksumming Defenses in Software [paper | web]
J. Qiu, B. Yadegari, B. Johannesmeyer, S. Debray, X. Su
ACM CODASPY 2015
A Framework for Understanding Dynamic Anti-Analysis Defenses [paper | web]
J. Qiu, B. Yadegari, B. Johannesmeyer, S. Debray, X. Su
ACM PPREW 2014